CVE-2000-0614
CVSS10.0
发布时间 :2000-07-10 00:00:00
修订时间 :2008-09-10 15:05:12
NMCOS    

[原文]Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output.


[CNNVD]tnef 0-123邮件解码器文件覆盖漏洞(CNNVD-200007-019)

        Linux系统中Tnef程序存在漏洞。远程攻击者可以借助指定了解压缩输出绝对路径名的TNEF编码压缩附件来覆盖任意文件。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:suse:suse_linux:6.3::ppc
cpe:/o:suse:suse_linux:6.3SuSE SuSE Linux 6.3
cpe:/o:suse:suse_linux:6.3:alphaSuSE SuSE Linux 6.3 alpha
cpe:/o:suse:suse_linux:6.4SuSE SuSE Linux 6.4

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0614
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0614
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200007-019
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/1450
(VENDOR_ADVISORY)  BID  1450
http://archives.neohapsis.com/archives/vendor/2000-q3/0002.html
(VENDOR_ADVISORY)  SUSE  20000710 Security Hole in tnef < 0-124

- 漏洞信息

tnef 0-123邮件解码器文件覆盖漏洞
危急 访问验证错误
2000-07-10 00:00:00 2005-10-20 00:00:00
远程※本地  
        Linux系统中Tnef程序存在漏洞。远程攻击者可以借助指定了解压缩输出绝对路径名的TNEF编码压缩附件来覆盖任意文件。

- 公告与补丁

        The following patches are available from SuSE:
        AXP:
        cc4983da1084c911998ddcc589050ec2 ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/tnef-0-124.alpha.rpm
        ae9b2d0e3231ee9ce35ee2fe0bd7788d ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/tnef-0-124.src.rpm
        451485d86daa2b45ae897dc88bf8a61b ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/tnef-0-124.alpha.rpm
        4bd689ba7abb7235b84570a90b3875d8 ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tnef-0-124.src.rpm
        i386:
        5909688f8568eb1f14591c1428235777 ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/tnef-0-124.i386.rpm
        5c02ff06d98030541afb10c178a206f3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/tnef-0-124.src.rpm
        58fa8e976df90aa09c30bf8fd5f6b2b5 ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/tnef-0-124.i386.rpm
        1a99d0cd8315ae3a1990781b7977c4c6 ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tnef-0-124.src.rpm
        PPC:
        3be0b423e678923f27c42f8c59c09ab4 ftp://ftp.suse.com/pub/suse/ppc/update/6.3/ap1/tnef-0-124.ppc.rpm
        5f7f8c3c025c2f114aa115532e250723 ftp://ftp.suse.com/pub/suse/ppc/update/6.3/zq1/tnef-0-124.src.rpm
        b37d6374a7b0147dbd6bf9889ec68367 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/tnef-0-124.ppc.rpm
        695fcd009a345638f049200dc0d6279d ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tnef-0-124.src.rpm

- 漏洞信息

13695
Linux Tnef Compressed Attachment Arbitrary File Overwrite

- 漏洞描述

Unknown or Incomplete

- 时间线

2000-07-10 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

tnef 0-123 Mail Decoder File Overwrite Vulnerability
Access Validation Error 1450
Yes Yes
2000-07-10 12:00:00 2009-07-11 02:56:00
A S.u.S.E. Advisory was released on July 10, 2000 which addressed this issue.

- 受影响的程序版本

S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3

- 漏洞讨论

SuSE Linux versions 6.3 and 6.4 (and possibly other Linux distributions) came packaged with tnef, a package which extracts mail compressed by Microsoft Outlook. The compressed mail includes a path and filename to write the extracted message to. A malicious email could be crafted to overwrite any file, for example, /etc/passwd - the permissions to complete this action could be gained by mailing to root.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

The following patches are available from SuSE:
AXP:
cc4983da1084c911998ddcc589050ec2 ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/tnef-0-124.alpha.rpm
ae9b2d0e3231ee9ce35ee2fe0bd7788d ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/tnef-0-124.src.rpm

451485d86daa2b45ae897dc88bf8a61b ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/tnef-0-124.alpha.rpm
4bd689ba7abb7235b84570a90b3875d8 ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tnef-0-124.src.rpm

i386:
5909688f8568eb1f14591c1428235777 ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/tnef-0-124.i386.rpm
5c02ff06d98030541afb10c178a206f3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/tnef-0-124.src.rpm

58fa8e976df90aa09c30bf8fd5f6b2b5 ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/tnef-0-124.i386.rpm
1a99d0cd8315ae3a1990781b7977c4c6 ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tnef-0-124.src.rpm

PPC:
3be0b423e678923f27c42f8c59c09ab4 ftp://ftp.suse.com/pub/suse/ppc/update/6.3/ap1/tnef-0-124.ppc.rpm
5f7f8c3c025c2f114aa115532e250723 ftp://ftp.suse.com/pub/suse/ppc/update/6.3/zq1/tnef-0-124.src.rpm

b37d6374a7b0147dbd6bf9889ec68367 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/tnef-0-124.ppc.rpm
695fcd009a345638f049200dc0d6279d ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tnef-0-124.src.rpm

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站